The US Bureau of Labor Statistics predicts that the information technology security sector will grow by 31% by the end of 2029 – “much faster than average,” according to their findings. Cybersecurity specialists are few and far between, and there are plenty of job openings if you wish to become an IT security expert. However, before you do, you might first want to know what education you need to be a cybersecurity specialist.
It is a well-established belief that, in the IT industry, a college degree doesn’t count for much; what matters is what skills you possess, what projects you’ve worked on, and how prepared you are to continue learning and improving yourself.
And while this belief is accurate up to an extent, it doesn’t paint the whole picture when it comes to education in cybersecurity. Let’s find out what set of skills you need, whether a college degree is a must, and what certifications will help you kick off your information security career.
Cyber Security Skills
Regardless of what position you’re after – a security engineer, security analyst, computer forensic expert, chief information security officer, or other – all cybersecurity roles require a particular set of skills. These skills are typically divided into hard and soft.
Some hard skills that are required are:
- Fundamentals of computer sciences
- Knowledge of at least one programming language (Java, C#, C++, PHP)
- Familiarity with the Mitre Att&ck framework
- Ability to perform penetration tests and vulnerability assessments
- SIEM (Security Information and Event Management) knowledge
- Knowledge of Cisco hardware and software (for networking security)
- Threat modeling, ethical hacking, best coding practices
- In-depth knowledge of UNIX, Linux, and Windows operating systems, and more
Some cybersecurity professionals work by themselves, but more often than not, they are a part of an IT security team in an organization. This requires communication and active listening skills to be able to work within a team.
Additionally, security specialists often work under tremendous pressure. If a cyberattack, infiltration, or breach is detected, no matter the time of day or week, they need to be present to deflect it, find the perpetrators, and perform damage control. Critical thinking and clear reasoning in high-stress situations are a must-have for someone holding this job position.
With all that being said, here are the soft skills required of an information security specialist:
- Active listening and clear communication skills
- Creative and technical problem solving
- Critical thinking
- Ability to make split-second decisions in emergencies
- Great attention to detail
- Adaptability to any work team and environment
When you’re building your resume, don’t forget to include what soft skills you excel at since they might propel you to the top spot in the hiring process.
The question of whether or not you require a cybersecurity degree is a complex one.
On the one hand, just like in any other IT branch, it is possible to land your first security specialist job without a college degree of any kind. All you will need is a set of relevant IT security certifications, perhaps some practical experience, and you’ve got the job.
However, whether you will advance to higher positions is a different matter. It mainly depends on the company’s policy and career development strategy.
In cybersecurity, knowledge is a big concern. In the case of a standard software or web developer, not much is at stake if they make a mistake; you may need to push back a deadline, a client might become unhappy, but nothing more than that. However, when your main task is to develop and implement security systems, an error might lead to severe data loss and potentially even financial ruin.
To minimize the chances of this happening, most companies set up strict education requirements and are looking to hire applicants with bachelor degrees. For higher positions, a master’s degree is preferred. It doesn’t necessarily have to be a degree in cybersecurity – a related field will work as well, such as computer engineering, computer programming, computer and information sciences, and others.
It is also not too relevant whether applicants are coming in with standard degrees or online degrees – most organizations want to guarantee your knowledge in the form of a diploma, no matter its source.
Whether or not you hold a degree in cybersecurity or a similar field, having one or several certifications under your belt is a huge bonus. This demonstrates to your potential employers that you’re actively working on expanding your knowledge base, improving your skills and that you have no problems keeping up with new technologies.
One of the defining characteristics any computer security specialist should have is to stay up to date with what’s up and coming. In a world as fast-paced as computer security, if you’re not careful, it could only be a matter of months before your current level of expertise becomes obsolete.
Professional certifications or certs will provide you with a good knowledge base and perhaps even some practical experience before deciding to step into information system security. Here are examples of some of the most prevalent cybersecurity certifications:
- Cisco Certified Network Associate (CCNA, Routing, and Switching)
- Certified Information Security Manager (CISM)
- EC-Council Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+ Base-Level Certification
- Systems Administration and Network Security Certifications (SANS)
It stands to reason that you’re not obligated to obtain all of these certifications. It all depends on what area of IT security sparks your interest. Ethical hackers (also known as penetration testers) can clearly benefit from EC-Council’s ethical hacker certification; security consultants can choose between SANS, CISM, and CISSP certs; security architects will need certifications on an even higher level.
Choose your certificate program based on what type of work you’d like to do, how much time you have at your disposal, and the size of your budget. If you’re working a full-time job while getting certified, you likely won’t have the energy to go through more than one program at a time, so keep that in mind.
Before you start crafting your cybersecurity resume, it is a good idea to look into gaining some experience first.
This could refer to experience in a related occupation, such as a network administrator or a systems administrator. For example, if you are searching for a job in database security, you could benefit from database administration experience. For system security, a former computer systems analyst might be the perfect candidate.
However, if you can obtain experience directly in IT security, that would be perfect.
Look for internship opportunities in companies for which you’d like to work. Working a full-time job for no money isn’t ideal, but if you use your internship well, it will only be a matter of time before you are hired as a regular employee. Learn from your coworkers and managers and absorb anything they want to teach you. Be curious, ask questions, and offer insights to demonstrate how well you understand the subject matter and how you can think outside the box.
With a little bit of practical experience to spice up your resume, you won’t have any trouble finding the security specialist job you’re aiming for.
While it is true that a college degree isn’t necessary for most IT job titles, it proves to be extremely relevant for someone looking for an IT security position. Some companies might be satisfied with associate’s degrees, but bachelor’s degrees are usually preferred.
If you already hold a degree in an IT branch not connected to cybersecurity, you likely won’t need to get an additional degree. However, it would be best to supplement your knowledge and experience through various IT security certifications. These can be geared towards ethical hackers, security software developers, security architects, analysts, or any other computer security job title. Choose the right set of certifications based on where you see yourself further down your career path.
Lastly, don’t neglect the importance of practical experience. Look for entry-level jobs that might not be what you want right now, but that will be your first step towards building your cybersecurity career. Internships are also a good option – they will offer you a chance to learn from more experienced specialists and may lead to permanent employment later on.
If you’d like an evaluation of your skills and advice on what type of education and certifications you should go for, take a look at My Computer Career’s free career evaluation. Once you understand what’s required of you to land your first cybersecurity job, you will know what steps to take to get there!